Fiat Chrysler Automobiles NV is offering a software patch to close a loophole that let two hackers take control of a moving Jeep sport-utility vehicle in an incident spotlighting the vulnerability of connected autos.
The company responded last month after Wired magazine published a story about the software programmers who were able to take over a Jeep Cherokee being driven on a Missouri highway. Fiat Chrysler said in a statement that it's not aware of any real-world unauthorized remote hack into any of its vehicles.
As autos become rolling smartphones, loaded with streaming music and apps, they open themselves to the viral and criminal threats that target PCs and credit-card databases. A since-closed flaw disclosed in January would let hackers open doors on 2.2 million BMW AG vehicles. The programmers who took over the Jeep listed vulnerabilities last year in 19 other models.
"This is a very big wake-up call for the industry that shows they have a weakness," said Egil Juliussen, director of research for the consultant IHS's automotive technology group. "They are worried about it and thinking about what they need to do. But it will be a while before cars are safe from a hacking attack."
On the same day last month as the Jeep hack article, Sens. Edward Markey, a Massachusetts Democrat, and Richard Blumenthal, a Connecticut Democrat, introduced legislation to direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish rules that would secure cars against hackers and protect consumer privacy.
The bill would create a rating system to tell consumers how secure their vehicles are beyond any minimum federal requirements. Markey released a report last year on gaps in car security systems, concluding that only two of 16 auto companies had the ability to detect and respond to a hacking attack.
Fiat Chrysler said that "after becoming aware of the vulnerabilities in some 2013 and 2014 vehicles equipped with the 8.4-inch touchscreen systems, FCA and several suppliers worked to fix the vulnerabilities in model year 2015 vehicles."
The software update patches the hole in the vehicles' entertainment system. Owners can download the fix to a thumb drive from a Fiat Chrysler website and install it in 30 to 45 minutes or have the update done at a dealership, the company said.
On July 24, Fiat Chrysler recalled about 1.4 million vehicles.
The models affected include 2013 and 2014 Ram pickups and 2014 Jeep Cherokee and Grand Cherokee SUVs, as well as some 2015 Chrysler 200 cars.
By 2022, 82.5 million autos worldwide will be connected to the Internet, more than three times the 26.5 million connected cars this year, according to IHS. In seven years, 78 percent of the cars sold globally will be connected, up from 30 percent now, the consulting firm said.
The auto industry's two biggest trade groups, the Alliance of Automobile Manufacturers and the Association of Global Automakers, said on July 14 that they would form an information-sharing and analysis center by the end of the year to collaborate against emerging hacking threats.
Cars are not as rich a target as banks and retailers. Because the vehicles lack such personal data, the auto industry probably won't face a concerted threat yet from hackers, IHS's Juliussen said.
"There aren't many ways to earn money from hacking a car," he said. "You could wreak havoc with traffic flow or cyberwarfare, but that's not the sort of thing an average hacker would do."